Maginos Posted January 28, 2023

> On 11/7/2021 at 5:03 PM, svh1985 said:
> I just started a 2nd scan after two months, and the notify script still picks up the previous infection (a file that I since removed) from the ClamAV docker logs, so I still get a FOUND message. Anyone else seeing this?

I also have this issue. What I also observe is that files are listed multiple times in my logs. Can someone help me to get rid of this? Thank you!

TQ (Author) Posted January 28, 2023

> 5 hours ago, Maginos said:
> I also have this issue. What I also observe is that files are listed multiple times in my logs. Can someone help me to get rid of this? Thank you!

In the logs they should be time stamped. Is it finding the file again after deletion, or is it showing the previous infected file with previous time stamped entry? Can you post a section of the logs for view?

Maginos Posted January 28, 2023

> 20 minutes ago, TQ said:
> In the logs they should be time stamped. Is it finding the file again after deletion, or is it showing the previous infected file with previous time stamped entry? Can you post a section of the logs for view?

I attached the log from the last scan. In this log no infected file was found. In the logs before I deleted the infected files, the lines look like:

```
/scan/path/to/infected/file: Heuristics.Phishing.Email.SSL-Spoof FOUND
```

So there is no timestamp. I assume it shows the infected files from previous scans. How can I get rid of this?

clamav_logs.txt

TQ (Author) Posted January 28, 2023

> 22 minutes ago, Maginos said:
> I attached the log from the last scan. In this log no infected file was found. In the logs before I deleted the infected files, the lines look like:
>     /scan/path/to/infected/file: Heuristics.Phishing.Email.SSL-Spoof FOUND
> So there is no timestamp. I assume it shows the infected files from previous scans. How can I get rid of this?
> clamav_logs.txt 5.15 kB · 0 downloads

Hmm. Well, definitely should add timestamp to `stdout` next update. (adds to my to-do list)

So, are you referring to the pop-up in the Unraid GUI that shows the previous virus found message? Just want to make sure I understand fully.

Maginos Posted January 28, 2023

> 4 minutes ago, TQ said:
> Hmm. Well, definitely should add timestamp to `stdout` next update. (adds to my to-do list) So, are you referring to the pop-up in the Unraid GUI that shows the previous virus found message? Just want to make sure I understand fully.

That would be great, thanks!

> 4 minutes ago, TQ said:
> Hmm. Well, definitely should add timestamp to `stdout` next update. (adds to my to-do list) So, are you referring to the pop-up in the Unraid GUI that shows the previous virus found message? Just want to make sure I understand fully.

I'm referring to the email I get after the scan has finished. Unfortunately the content is too long to get sent via Telegram, so I had to check mail notification.
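
For a notification that is built from `docker logs`, which retains output from earlier runs of the same container, the following added example (not the notify script discussed in this thread) keeps only the detections after the last `ClamAV process starting` marker and drops repeated lines. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: report only detections from the most recent scan run.
# Assumption: every run begins with a line containing
# "ClamAV process starting", as in the container output quoted in this thread.

# Reads a complete container log on stdin and prints each FOUND line that
# follows the last start marker, once.
latest_found() {
    awk '
        /ClamAV process starting/ { n = 0; split("", seen); next }
        / FOUND$/ && !($0 in seen) { seen[$0] = 1; hits[++n] = $0 }
        END { for (i = 1; i <= n; i++) print hits[i] }
    '
}

# Constructed sample: an older run with a detection on a file that was later
# removed, then a newer run in which one file is reported twice.
sample_log() {
    cat <<'EOF'
2023-01-21T03:00:01+00:00 ClamAV process starting
/scan/old/removed-file: Heuristics.Phishing.Email.SSL-Spoof FOUND
2023-01-21T03:40:00+00:00 ClamAV scanning finished
2023-01-28T03:00:01+00:00 ClamAV process starting
/scan/mail/message.eml: Heuristics.Phishing.Email.SSL-Spoof FOUND
/scan/mail/message.eml: Heuristics.Phishing.Email.SSL-Spoof FOUND
2023-01-28T03:41:00+00:00 ClamAV scanning finished
EOF
}

# Real use (container name as in this thread):
#   docker logs ClamAV 2>&1 | latest_found
sample_log | latest_found
```
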

TQ (Author) Posted January 28, 2023

> On 1/23/2023 at 5:52 AM, rbronco21 said:
> If I add "--max-filesize=200M --max-scansize=500M" to Post Arguments, my log is empty and I am unsure if it has done anything. If I add a -i, it fails with this in the log:
>     clamd: illegal option -- i
>     ERROR: Unknown option passed
>     ERROR: Can't parse command line options
> These options also fail:
>     -f /scan/appdata/clamav/clamavtargets.txt
>     clamd: illegal option -- f
>     ERROR: Unknown option passed
>     ERROR: Can't parse command line options
>     --file-list=/scan/appdata/clamav/clamavtargets.txt
>     clamd: unrecognized option `--file-list=/scan/appdata/clamav/clamavtargets.txt'
>     ERROR: Unknown option passed
>     ERROR: Can't parse command line options
> I have to be missing something because there aren't other posts about this. What's going on?

That is strange. I just rebuilt the container on my test Unraid server to ensure it was pulling new and starting with new config. I passed the -i and -f parameters respectively, and all passed and worked.

I do see two potential issues with your configuration. Wondering if you're adding the parameters to the "Extra Parameters" instead of "Post-Arguments" options. I added the following parameters to that section and it runs normally.

```
-i --log=/var/lib/clamav/log.log --max-filesize=4096M --file-list=/scan/file-list.txt
```

Also, parameters should be from the "container's" perspective. I pass the file list using the container's path.

Output:

```
2023-01-28T16:05:17+00:00 ClamAV process starting
Updating ClamAV scan DB
ClamAV update process started at Sat Jan 28 16:05:17 2023
daily.cvd database is up-to-date (version: 26795, sigs: 2018570, f-level: 90, builder: raynman)
main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Freshclam updated the DB
ClamAV 0.104.3/26795/Sat Jan 28 08:27:17 2023
Scanning /scan
WARNING: Only scanning files from --file-list (files passed at cmdline are ignored)
----------- SCAN SUMMARY -----------
Known viruses: 8650505
Engine version: 0.104.3
Scanned directories: 4
Scanned files: 6
Infected files: 0
Data scanned: 0.15 MB
Data read: 5678.47 MB (ratio 0.00:1)
Time: 26.245 sec (0 m 26 s)
Start Date: 2023:01:28 16:05:17
End Date: 2023:01:28 16:05:43
2023-01-28T16:05:43+00:00 ClamAV scanning finished
```

Maginos Posted January 28, 2023

> 6 minutes ago, TQ said:
> Wondering if you're adding the parameters to the "Extra Parameters" instead of "Post-Arguments" options. I added the following parameters to that section and it runs normally.

Nope, I had only the -i option in Post-Arguments. I added the other parameters you suggest and I think on Monday I will see if they help. Since the -f option is not listed in the Docker Hub page, can you tell what this parameter does?

Maginos Posted January 28, 2023

This is my output from the docker container:

```
docker run -d --name='ClamAV' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Tilda" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='http://its.ucsc.edu/software/images/clam.png' -v '/mnt/user':'/scan':'ro' -v '/mnt/nmvecache/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i --log=/var/lib/clamav/log.log --max-filesize=4096M --file-list=/scan/file-list.txt
7fd0b66f015ed72c98def70d4a2f24faa1ce017b16c414b772856200a7b8ad02

The command finished successfully!
```

TQ (Author) Posted January 28, 2023

> 1 hour ago, Maginos said:
> This is my output from the docker container:
>     docker run -d --name='ClamAV' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="Tilda" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='http://its.ucsc.edu/software/images/clam.png' -v '/mnt/user':'/scan':'ro' -v '/mnt/nmvecache/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i --log=/var/lib/clamav/log.log --max-filesize=4096M --file-list=/scan/file-list.txt
>     7fd0b66f015ed72c98def70d4a2f24faa1ce017b16c414b772856200a7b8ad02
>     The command finished successfully!

That is the output of the command to run the container. You can see the logs by either clicking the icon in the Docker tab and choosing "Logs", or by running the command below from an SSH session.

```
docker logs -f ClamAV
```

Maginos Posted January 28, 2023

> 5 minutes ago, TQ said:
> That is the output of the command to run the container. You can see the logs by either clicking the icon in the Docker tab and choosing "Logs", or by running the command below from an SSH session.
>     docker logs -f ClamAV

Yes, I know. I thought it might be helpful for you.

> 2 hours ago, Maginos said:
> I attached the log from the last scan.

I already posted the output of the log file in this post as a txt file.

Barry Staes Posted March 1, 2023 (edited)

New install, first run, something is off with permissions for a new install. See bottom for sus causes and tests.

The container was created normally as such:

```
Command execution
docker run -d --name='ClamAV' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e HOST_HOSTNAME="bTower" -e HOST_CONTAINERNAME="ClamAV" -e 'USER_ID'='99' -e 'GROUP_ID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.icon='https://its.ucsc.edu/software/images/clam.png' -v '/mnt/user':'/scan':'ro' -v '/mnt/cache_apps/appdata/clamav':'/var/lib/clamav':'rw' 'tquinnelly/clamav-alpine' -i
51721770e6d4bf942cef86765a8bc9f159e8633e06f90b96327349aab8eee4a0

The command finished successfully!
```

Mind the ID's used. But when started there are errors:

```
ERROR: Can't create freshclam.dat in /var/lib/clamav
ERROR: Failed to save freshclam.dat!
WARNING: Failed to create a new freshclam.dat!
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
ERROR: Can't create freshclam.dat in /var/lib/clamav
ERROR: Failed to save freshclam.dat!
WARNING: Failed to create a new freshclam.dat!
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
2023-03-01T08:54:30+00:00 ClamAV process starting
Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
An error occurred (freshclam returned with exit code '2')
2023-03-01T08:54:51+00:00 ClamAV process starting
Updating ClamAV scan DB
Hint: The database directory must be writable for UID 100 or GID 101
An error occurred (freshclam returned with exit code '2')
** Press ANY KEY to close this window **
```

Trying to find a cause..

Maybe because my Unraid gave the docker different User and Group ID's?

Maybe because the new `/appdata/clamav` folder was created with less permissions (drwxr-xr-x) than all other folders (drwxrwxrwx)?

=> I am running the latest CA Plugin version 2023.02.25 and will run a test with other dockers soon to compare results.

Edited March 1, 2023 by Barry Staes

cynod Posted March 28, 2023

I'm seeing the same issue as @Barry Staes on a fresh install. The container installs fine but "/mnt/cache/appdata/clamav" (and /mnt/user/appdata/clamav) is created 755 with owner "nobody" (which has uid 99 in the base unraid OS) and group "users" (which is gid 100).

I tried changing the container USER_ID from 99 to 100 and GROUP_ID from 100 to 101 but got same result. I also tried changing to 775 and also chown 100.101 but same error.

I ended up chmod'ing "/mnt/cache/appdata/clamav" to 777 which got ClamAV running but it doesn't feel like the right solution.

cynod Posted March 28, 2023

I note that clamscan doesn't have a multithreaded option (other than running it multiple times on different locations) but clamdscan/clamd does. Has anyone tried to run clamd and then use clamdscan with --multiscan (or similar) to speed things up?

TQ (Author) Posted March 28, 2023

> 3 hours ago, cynod said:
> I'm seeing the same issue as @Barry Staes on a fresh install. The container installs fine but "/mnt/cache/appdata/clamav" (and /mnt/user/appdata/clamav) is created 755 with owner "nobody" (which has uid 99 in the base unraid OS) and group "users" (which is gid 100). I tried changing the container USER_ID from 99 to 100 and GROUP_ID from 100 to 101 but got same result. I also tried changing to 775 and also chown 100.101 but same error. I ended up chmod'ing "/mnt/cache/appdata/clamav" to 777 which got ClamAV running but it doesn't feel like the right solution.

I agree, it feels dirty to chmod 777 to a dir. You can do the below to the directory to resolve the issue.

```
chmod -R u-x,go-rwx,go+u,ugo+X /mnt/cache/appdata/clamav
chown -R nobody:users /mnt/cache/appdata/clamav
```

Note: hack that I use, when creating directories and such via ssh, I use the following

```
sudo -u nobody -g users 'command here'
```

...so that the perms don't come back to bite me.
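
To see what the permission changes above amount to, the following added example (not part of the container image or of the posts) checks with plain mode bits whether a UID:GID pair can write to a directory, then applies the symbolic mode from the reply to a temporary directory and reports the resulting modes. The paths and the `can_write` and `demo` names are constructed; ACLs, supplementary groups and root's bypass are ignored.

```shell
#!/bin/sh
# Added example, not part of the container image or the original posts.

# can_write UID GID DIR: succeeds if DIR's owner/group/other mode bits grant
# write and search to UID:GID. Uses stat -c (GNU coreutils and busybox).
can_write() {
    set -- "$1" "$2" $(stat -c '%u %g %a' "$3")
    uid=$1 gid=$2 owner=$3 group=$4
    perms=$(printf '%04d' "$5")      # pad, e.g. 755 -> 0755
    perms=${perms#?}                 # drop the setuid/setgid/sticky digit
    if   [ "$uid" -eq "$owner" ]; then d=${perms%??}
    elif [ "$gid" -eq "$group" ]; then d=${perms#?}; d=${d%?}
    else d=${perms#??}
    fi
    [ $(( d & 3 )) -eq 3 ]           # write (2) + search (1)
}

# Recreates the reported state in a temporary directory (constructed paths),
# applies the symbolic mode from the reply, and prints:
#   writable-before writable-after dir-mode file-mode
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/clamav" && chmod 755 "$tmp/clamav"
    : > "$tmp/clamav/daily.cvd" && chmod 644 "$tmp/clamav/daily.cvd"
    # A UID:GID that matches neither owner nor group, like the 100:101 named
    # in the freshclam hint against a directory owned by 99:100.
    u=$(( $(stat -c %u "$tmp/clamav") + 1 ))
    g=$(( $(stat -c %g "$tmp/clamav") + 1 ))
    can_write "$u" "$g" "$tmp/clamav" && before=yes || before=no
    chmod -R u-x,go-rwx,go+u,ugo+X "$tmp/clamav"
    can_write "$u" "$g" "$tmp/clamav" && after=yes || after=no
    echo "$before $after $(stat -c '%a' "$tmp/clamav") \
$(stat -c '%a' "$tmp/clamav/daily.cvd")"
    rm -rf "$tmp"
}

demo
```
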

Masterwishx Posted March 31, 2023

@TQ is it possible to make this container to use with nextcloud?

TQ (Author) Posted March 31, 2023

> 2 hours ago, Masterwishx said:
> @TQ is it possible to make this container to use with nextcloud?

It should be quite possible, yes. I do not use Nextcloud so bit of a challenge for me.

Masterwishx Posted March 31, 2023

> 5 hours ago, TQ said:
> It should be quite possible, yes. I do not use Nextcloud so bit of a challenge for me.

In Nextcloud there are 3 options: daemon, daemon (socket), Executable. In this container there is no daemon, right? So we can use only executable, but how to get to Nextcloud path of executable?

SShadow Posted April 26, 2023 (edited)

When installing the latest update from 4/22/2023 on Unraid 6.11.5 I saw the error below during installation:

The docker starts but immediately stops. When looking at the log I get the following error:

Is there something I need to adjust in the template for the new build? Thank you.

Edited April 26, 2023 by SShadow

dreadu Posted April 27, 2023

> 17 hours ago, SShadow said:
> When installing the latest update from 4/22/2023 on Unraid 6.11.5 I saw the error below during installation: The docker starts but immediately stops. When looking at the log I get the following error: Is there something I need to adjust in the template for the new build? Thank you.

I got exactly the same issue. Same error 6.11.5 as well.

dhawk2k Posted April 27, 2023

I can confirm I experience the same error using Unraid 6.11.5. The other ClamAV docker available requires an active console or tmux session to run a scan command explicitly. I prefer this automated one and check the logs. Hopefully the developers see this and can correct.

TQ (Author) Posted April 27, 2023

I will check on it tonight. Not sure how the arch changed.

TQ (Author) Posted April 27, 2023

Latest branch updated. Please re-pull and LMK.

dreadu Posted April 27, 2023

Thanks for the quick fix! Seems to work again (as well in combination with the user script for different shared).

SShadow Posted April 28, 2023

I can confirm mine is working now too. Thank you for the quick turnaround on the fix!

bmartino1 Posted May 11, 2023

I've noticed that my logs are in UTC time. Is there a way to get the Alpine package installed for TZ data to pass and update the scan log to be in time zone time?

Reviewing this docker for logs and time:
https://serverfault.com/questions/683605/docker-container-time-timezone-will-not-reflect-changes

I have found that the log is in UTC time. Is there a way for me to add a custom script to run or to pass the TZ via environments to use local time for ClamAV logging? I believe a package would have to be added to the Alpine image to accomplish this.

```
-v /etc/localtime:/etc/localtime:ro
-v /etc/timezone:/etc/timezone:ro
```